The going forward costs of reputation risk include lost revenues and extraordinary operational expenses.
“Nervous corporate clients are putting off signing new contracts until Equifax can assure them its systems are secure. Several have demanded IT audits. ‘We're hoping to win back their trust,’” said CFO John Gamble

Post a Comment

In early July, international health insurance giant Bupa confirmed an employee had stolen data relating to 547,000 clients and was trying to sell it online. Reputation risk as a possible consequence of the cyber event.
“A cyber breach [including employee theft of computer data] does not necessarily damage an institution’s reputation,” Kossovsky said. “Reputation risk is the risk of leaving stakeholders disappointed and emotionally charged... (a)nd doubt, of course, is what reputation risk looks like.”

It's the CEO's fault, of course, reports Fortune Magazine. According to a survey of 200 Directors conducted by the New York Stock Exchange, more than 2 in 5 respondents said the CEOs should face the brunt of…breach-related backlash. The same seems to be true for any enterprise-level risk.

Damage the firm's reputation, and Directors can get very aggressive. It's no different than in the 1990's when Warren Buffet warned employees at Solomon that if they damaged "a shred" of the firm's reputation, he would be ruthless. Except it is different.

Today, investors are getting very aggressive. They are using enterprise-level disasters to indict the Board of Directors, and build the case that Proxy Access--the right to nominate directors without approval of the Board--is an essential strategic "weapon" to help focus the board's attention. Apparently, we've come a long way from needing merely a 2x4.

Nothing speaks reputation risk management success like having a boring crisis. No declarations of regulatory opprobrium from shocked regulators, although a few State Attorneys General are probing, looking for some political points. No demands for the heads of directors and officers from activist investors. No hand wringing in the blogosphere from any other aggrieved stakeholder group.

No one seems the least bit surprised. According to an analysis published by Consensiv, the reputation controls company, based on reputation value metrics we used by Steel City Re, JPMorgan Chase’s reputation premium, a measure of additional value arising from favorable stakeholder expectations, is up slightly to the 91st percentile within its peer group since the breach was first disclosed in July.

Post a Comment

The virtual world is no utopia. Even in the fantasy world of Woody Allen, as depicted in the film, Sleeper, where cloning is a reality, the only remnants of a blown-up leader -- his nose -- can be taken hostage. It is even worse in the cyberworld,.

When an incident does occur, added Glockner, companies need to be open about it, which he noted companies are getting better at, as states have enacted regulation calling for disclosures and as society continues to embrace technology. “As companies see themselves as no longer alone in addressing cybersecurity issues, I think they become more comfortable talking about it…and realizing that if it’s going to come out…maybe you’re better off getting ahead of the problem.”

According to Security Management, "These types of crime have become the most common complaints that the FBI received in 2012, with 289,874 complaints total for the year, averaging more than 24,000 complaints per month, according to an FBI press release announcing the 2012 Internet Crime Report issued in May 2013."